Total: 29077 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14615 | 1 Watchguard | 1 Fireware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the context of any logged in user in the Web UI visiting "Traffic Monitor" sections "Events" and "All." As a side effect, no further events will be visible in the Traffic Monitor until the device is restarted. | |||||
CVE-2017-6716 | 1 Cisco | 1 Firepower Management Center | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Affected Products: Cisco Firepower Management Center Software Releases prior to 6.0.0.0. More Information: CSCuy88785. Known Affected Releases: 5.4.1.6. | |||||
CVE-2016-0713 | 1 Cloudfoundry | 1 Cf-release | 2024-02-04 | 2.6 LOW | 4.7 MEDIUM |
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests. | |||||
CVE-2015-3296 | 1 Nodebb | 1 Nodebb | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs. | |||||
CVE-2017-16799 | 1 Cmsmadesimple | 1 Cmsmadesimple | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. | |||||
CVE-2017-1101 | 1 Ibm | 1 Rational Quality Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662. | |||||
CVE-2017-12345 | 1 Cisco | 1 Data Center Network Manager | 2024-02-04 | 4.3 MEDIUM | 4.7 MEDIUM |
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. | |||||
CVE-2017-15947 | 1 Aspsource | 1 Simple Asc Content Management System | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp. | |||||
CVE-2018-5366 | 1 Wpglobus | 1 Wpglobus | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php. | |||||
CVE-2015-9230 | 1 Ait-pro | 1 Bulletproof Security | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter. | |||||
CVE-2017-1600 | 1 Ibm | 1 Security Guardium | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613. | |||||
CVE-2017-1000227 | 1 Parallelus | 1 Salutation | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can. | |||||
CVE-2017-9622 | 1 Epesi | 1 Epesi | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data. | |||||
CVE-2017-7855 | 1 Icewarp | 1 Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter. | |||||
CVE-2018-5288 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. | |||||
CVE-2017-17925 | 1 Ordermanagementscript | 1 Professional Service Script | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. | |||||
CVE-2017-16514 | 1 Websitebaker | 1 Websitebaker | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application. | |||||
CVE-2017-9331 | 1 Epesi | 1 Epesi | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter. | |||||
CVE-2014-9701 | 1 Mantisbt | 1 Mantisbt | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page.php. | |||||
CVE-2017-15194 | 1 Cacti | 1 Cacti | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. |